I am using community build 6.2.4 build 8088.
I am trying to make a profile "read-only". The idea is that I let some users just browse and preview some documents in some folder (Map A). All works fine until the user starts searching on keyword or document name. Then that user gets results outside of its authorizations.
If map B is now accessable (not viewable) for this user, and there is a searchterm (keyword or document name) entered that matches a document in Map B, the search result shows extracts and a path that this user is not allowed to see.
So my wish is that there is a security check before showing results in a search (does the user have rights to this document according to user and to role?) Strangely enough the authorization concept *does* work when you search for a map and does *not work* when searching on document names and keywords.
In my opinion this is quite a serious thing when people have sensitive documents on an OpenKM server. I could search for 'Budget' or 'Lay-offs' and get an extract on an document that has information about that..
I am trying to make a profile "read-only". The idea is that I let some users just browse and preview some documents in some folder (Map A). All works fine until the user starts searching on keyword or document name. Then that user gets results outside of its authorizations.
If map B is now accessable (not viewable) for this user, and there is a searchterm (keyword or document name) entered that matches a document in Map B, the search result shows extracts and a path that this user is not allowed to see.
So my wish is that there is a security check before showing results in a search (does the user have rights to this document according to user and to role?) Strangely enough the authorization concept *does* work when you search for a map and does *not work* when searching on document names and keywords.
In my opinion this is quite a serious thing when people have sensitive documents on an OpenKM server. I could search for 'Budget' or 'Lay-offs' and get an extract on an document that has information about that..